Link to home
Start Free TrialLog in
Avatar of PeterTrefren
PeterTrefrenFlag for United States of America

asked on

unable to assign full trust to .net 2.0 application

I'm trying to configure my Visual Basic 2005 application to run with full trust.  The application will run out of my bin directory but will not run on other computers or other drives without an error message.  When I configure the application to have a strong name and configure the .net 2.0 configuration to handle the strong name it will run.  However the targeted machines do not display the .net 2.0 configuration interface from administrative tools.  I have click "Enable ClickOnce Security Settings" checked along with "This is a full trust application"  and I don't have any of the signing options checked.  When I run the application I get the same error message as when I run with out a strong name associated with the exe.  I'm just wondering what I might be overlooking.
ASKER CERTIFIED SOLUTION
Avatar of Éric Moreau
Éric Moreau
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of PeterTrefren

ASKER

I used the mscorcfg.msc applet to configure for full trust.  I'm now able to run the application off of our server.  I ran the msi file on a target machine and the application still will not run.  I also ran the caspol.exe utility with same results.  I've verified the server is in the local_intranet zone.  The target  machine is still not able to run the application from either the local or server drive.
You need to modify the security settings on each PC (not on the server).

You have to adjust the security of the assembly or the zone (through the .NET Framework 2.0 Configuration Tool )

from http://msdn2.microsoft.com/en-us/library/2bc0cxhc.aspx#anchor8

To increase assembly trust
Click the Runtime Security Policy node of the console tree.

Click the Action menu, and select from the available commands.

Alternately, you can right-click the Runtime Security Policy node and select from the same list of commands on the shortcut menu, or click the Increase Assembly Trust link in the pane on the right. The tool displays a corresponding wizard.

Follow the directions that appear in the wizard to increase the level of trust granted to an assembly that you specify.

The wizard allows you to modify security policy based upon available information about the assembly's evidence. For a list and description of the common types of evidence, see the Evidence topic.

To adjust zone security
Click the Runtime Security Policy node of the console tree.

Click the Action menu, and select from the available commands.

Alternately, you can right-click the Runtime Security Policy node and select from the same list of commands on the shortcut menu, or click the Adjust Zone Security link in the pane on the right. The tool displays a corresponding wizard.

Follow the directions that appear in the wizard to modify the level of trust granted to all assemblies from a particular zone. For a list and description of valid zones, see the Security topic.
The problem I'm having is that although I can change the security settings through the console interface I'm not able change them through the either the msi or the command line routes.  I've verified this on my machine and I'm assuming this is the case on the client machine I tried to configure.   To make the update I used 'caspol -machine -chggroup LocalIntranet_Zone FullTrust' from the command line.  Although the command line returns the update was successful when I verify it against the console the update had no effect.  The application does not run unless I make the change through the console.  Is there a way using caspol to find out what the current security setting is for the LocalIntranet_Zone on the client PC?      
>>Although the command line returns the update was successful when I verify it against the console the update had no effect.

Are you sure that you are using version 2.0 of the Caspol tool and also the version 2.0 of the console application.
Yes I do have the 2.0 version of capsol.  One of the things I discovered is that you must go back to administrative tools and reopen the console window to get the updated status after running the command line.  I've enclosed the results from running 'caspol -l' from both my machine and the client machine.  At this point it looks like both have the same security settings however I can run the application either from both my local or from the server drive.  The client is not able the app wether it is on the server or on the local drive.
Development-CAS.txt
Client-CAS.txt
I see now how caspol is able to increase the trust level.  I'll need to look at other potential issues as to why this application only runs on my development machine.  Although I have years of VB 6.0 development experience, this is my first deployment of a .NET application and I thought it would be just a matter of getting the right security settings on the client machine and then copying the files over from the bin directory.  I'll have to look at other potential issues.  Thanks for you help.